rootless podman not using conmon_path from /etc/containers/libpod.conf #2174
Comments
yes, at the moment we don't honor Is conmon installed at some path that the default libpod configuration doesn't know about?
But the error message implies that podman 1.0.0 is not honoring that default libpod configuration either and looking at a different list of paths somehow.
I agree. It seems that when generating
Podman should definitely do that for config options. openSUSE is shipping a
I agree, and it seems to me the hard-coded defaults are different from the defaults written in the default libpod.conf from https://github.com/containers/libpod/blob/master/libpod.conf
I am not sure about it. We should be careful and cherry-pick only the options that can be inherited safely from the global configuration. Some of them would override the defaults tailored for the rootless mode.
maybe we should maintain a whitelist for those that must be inherited from
ACK. We shouldn't blindly copy but need to pick the ones that make sense.
I had the same issue, and had to patch libpod because of it (lack of rootless configuration):
sed -e 's|"/etc/cni|"/usr/local/etc/cni|' -i libpod.conf
sed -e 's|"/etc/cni|"/usr/local/etc/cni|' -i libpod/runtime.go
sed -e 's|/usr/libexec/|/usr/local/lib/|' -i libpod.conf
sed -e 's|/usr/libexec/|/usr/local/lib/|' -i libpod/runtime.go
sed -e 's|/usr/share/|/usr/local/share/|' -i libpod/runtime.go
Otherwise it is not able to find CNI, which means that rootless podman is not able to start up. Unfortunately it also means it is "dirty", so configuration would be preferred.
We should definitely get the executable paths from libpod.conf
Would it be possible to add I think that
# CGroup Manager - valid values are "systemd" and "cgroupfs"
cgroup_manager = "cgroupfs"
# Whether to use chroot instead of pivot_root in the runtime
no_pivot_root = true
# Directory containing CNI plugin configuration files
cni_config_dir = "/usr/local/etc/cni/net.d/"
The systemd cgroup manager doesn't work at all with rootless, so we shouldn't bother sourcing that - it needs to stay unconditionally set to The other two would be nice to have, though
I can add
The I seem to recall some error from CNI, but maybe that was just normal podman and not rootless?
Got some other error now: The other error was (as I suspected) when running as root: So
if some paths are overridden in the global configuration file, be sure that rootless podman honors them.
Closes: containers#2174
Signed-off-by: Giuseppe Scrivano <[email protected]>
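The whitelist approach the thread converges on (take only the safe keys from the global libpod.conf into the rootless configuration, and keep cgroup_manager pinned to cgroupfs), as an added Go example that is not podman's own code. The global config sample is constructed from the paths mentioned in this issue, the rootless defaults are hypothetical, and the parser only handles one-line key = value entries, not full TOML.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample of a distribution-wide /etc/containers/libpod.conf.
const globalConf = `cgroup_manager = "systemd"
conmon_path = ["/usr/lib/podman/bin/conmon"]
no_pivot_root = true
cni_config_dir = "/usr/local/etc/cni/net.d/"
`
// rootlessDefaults are hypothetical rootless defaults kept as raw TOML values.
var rootlessDefaults = map[string]string{
	"cgroup_manager": `"cgroupfs"`,
	"conmon_path":    `["/usr/libexec/podman/conmon", "/usr/local/libexec/podman/conmon"]`,
	"cni_config_dir": `"/etc/cni/net.d/"`,
	"no_pivot_root":  "false",
}
// inheritable keys may be taken from the global file; cgroup_manager is left out (systemd fails rootless).
var inheritable = []string{"conmon_path", "cni_config_dir", "no_pivot_root"}

// parseConf reads the one-line "key = value" subset of libpod.conf above, skipping comments and blanks.
func parseConf(text string) map[string]string {
	out := map[string]string{}
	for _, line := range strings.Split(text, "\n") {
		kv := strings.SplitN(strings.TrimSpace(line), "=", 2)
		if len(kv) == 2 && !strings.HasPrefix(kv[0], "#") {
			out[strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
		}
	}
	return out
}

// rootlessConfig applies only the whitelisted global keys on top of the rootless defaults.
func rootlessConfig(global map[string]string) map[string]string {
	cfg := map[string]string{}
	for k, v := range rootlessDefaults {
		cfg[k] = v
	}
	for _, k := range inheritable {
		if v, ok := global[k]; ok {
			cfg[k] = v
		}
	}
	return cfg
}

func main() { fmt.Println(rootlessConfig(parseConf(globalConf))) }
```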
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
running
podman run hello-world
as a non-root user produces the following error message
The container obviously does not start.
/etc/containers/libpod.conf has conmon_path set to /usr/lib/podman/bin/conmon, which is the correct location for conmon on all *SUSE distributions.
The above error message clearly implies that podman has not read this parameter and instead is only looking in the default locations.
My expectation was that rootless podman should inherit its parameters from /etc/containers/libpod.conf and only be overridden by a ~/.config/containers/libpod.conf if it is manually created by the user.
Steps to reproduce the issue:
1. Install podman on openSUSE Tumbleweed version 20190115 or later. Alternatively install Kubic with the microos system role (the default) - podman is the default container runtime there.
2. run
podman run hello-world
as a non-root user
3. There is no step 3
Output of
podman version
:
Output of
podman info
: